C4 Ubuntu 20.04 PHP gpio

brk · Post by **brk** » Sat Feb 26, 2022 12:33 am

Hi,
I would like to control (set/unset/read) gpio pins within a php site, which I did with C1/C1+
But on C4 same setup does not work:

sudo visudo bottom line: odroid ALL=NOPASSWD:ALL
sudo usermod -a -G www-data odroid

php file:
shell_exec("gpio write 0 1");
$output = shell_exec("gpio read ");
echo "Sense " . $data . ": ". $output;

same code/settings runs on C1+ but not on C4.

The basic problem is that gpio command can not be run within php code, I know this is something related to apache2 servers rights etc but couldn't solve it on C4s (Ubuntu 20.04, 4.9.277-82).

Any suggestions?
Best regards

rooted · Post by **rooted** » Sat Feb 26, 2022 3:19 am

Perhaps you could encapsulate the command inside a shell script and run that from within your PHP code.

Not a clean solution but it may work.

brk · Post by **brk** » Mon Feb 28, 2022 11:47 pm

well, at first it seemed as a dirty solution but it did not work:(

I also create a c program using wiringPi which runs from the command line without any problem but when I call it within a PHP file from a browser using shell_exec() it did not control the gpio pins.
somehow I can not access/use gpio pins from php.

I am not sure if I am doing something wrong or is this a general problem beyond my control?

rooted · Post by **rooted** » Tue Mar 01, 2022 7:26 am

I'm guessing it's a permission issue.

mad_ady · Post by **mad_ady** » Tue Mar 01, 2022 3:56 pm

If you're running from a web server, the code runs as apache user. Try running shell_exec("id"); to confirm.
You need to:
1. Allow apache user to run the command as root without password
2. Call the command with sudo shell_exec("sudo id");

brad · Post by **brad** » Tue Mar 01, 2022 4:39 pm

Would suggest you have a look at the permissions on the gpio devices as it might give some idea of permissions required to access the gpio devices.

Code: Select all

$ ls -l /dev/gpio*

not sure if they will be owned by root, open to everyone or assigned to the gpio group on 4.9.y.

brk · Post by **brk** » Tue Mar 01, 2022 11:23 pm

shell_exec("id); gives uid=33(www-data) gid=33(www-data) groups=33(www-data)

shell_exec("sudo id"); does not run.

running id at console gives:
uid=1000(odroid) gid=1000(odroid) groups=1000(odroid),4(adm),6(disk),7(lp),15(kmem),20(dialout),21(fax),22(voice),24(cdrom),27(sudo),29(audio),33(www-data),44(video),46(plugdev),50(staff),104(input),116(bluetooth),120(pulse),121(pulse-access),125(lightdm),126(nopasswdlogin)

running sudo id at console gives:
uid=0(root) gid=0(root) groups=0(root)

ls -l /dev/gpio*
crw------- 1 root root 254, 0 Jan 10 07:56 /dev/gpiochip0
crw------- 1 root root 254, 1 Jan 10 07:56 /dev/gpiochip1
crw-rw---- 1 root odroid 242, 0 Jan 10 07:56 /dev/gpiomem

ls -l /sys/class|grep gpio
drwxr-xr-x 2 root root 0 Mar 1 16:02 aml-gpiomem
drwxr-xr-x 2 root root 0 Mar 1 16:02 gpio

ls -l /sys/class/gpio
total 0
--w------- 1 root root 4096 Mar 1 16:02 export
lrwxrwxrwx 1 root root 0 Mar 1 16:02 gpiochip410 -> ../../devices/platform/pinctrl@ff634480/gpio/gpiochip410
lrwxrwxrwx 1 root root 0 Mar 1 16:02 gpiochip496 -> ../../devices/platform/pinctrl@ff800014/gpio/gpiochip496
--w------- 1 root root 4096 Mar 1 16:02 unexport

so /sys/class/gpio/export and /sys/class/gpio/unexport owned by root and only root has write permission.

But these conditions are exactly the same for C1+ (Ubuntu 18.04, 3.10.107-13) and there is no problem accessing/altering gpio pins from within php pages.

as a reminder I alrteady edit the /etc/sudoers file with sudo visudo and add this last line:

#includedir /etc/sudoers.d

odroid ALL=NOPASSWD:ALL

and run:
sudo usermod -a -G www-data odroid

So what I expect is to have www-data user to be able to execute commands with su privileges, which is the case for C1+, but not for C4.

mad_ady · Post by **mad_ady** » Tue Mar 01, 2022 11:45 pm

You need to add something like this to /etc/sudoers:

Code: Select all

www-data ALL=NOPASSWD:ALL

Though it's unsafe. But ok for testing/isolated environment.

brk · Post by **brk** » Wed Mar 02, 2022 12:29 am

Thank you for the hint. Adding www-data to sudoers solved my problem.

But I still wonder why C1+s - Ubuntu 18.04 do not need this?

Anyway, thank you all very much.

brk · Post by **brk** » Wed Mar 02, 2022 12:39 am

brk wrote: ↑
Wed Mar 02, 2022 12:29 am
Thank you for the hint. Adding www-data to sudoers solved my problem.

But I still wonder why C1+s - Ubuntu 18.04 do not need this?

Anyway, thank you all very much.

Actually www-data user should have necessary privileges to access/alter /sys/class/gpio without sudo, this solution, being able to run sudo, is not safe at all:(

mad_ady · Post by **mad_ady** » Wed Mar 02, 2022 4:37 pm

On Ubuntu 18.04, the gpio binary might have been suid (run ls -l on it to check). If you set it to suid, you should be able to run it without sudo and it should be safer. Or keep sudo, but restrict it to just the gpio command.

brad · Post by **brad** » Wed Mar 02, 2022 5:13 pm

I'm not running exactly the same Ubuntu version (or php) but I did some testing and wonder if this will work for you

Create a new file /etc/udev/rules.d/99-gpio.rules and add the following

Code: Select all

SUBSYSTEM=="gpio", KERNEL=="gpiochip*", GROUP="www-data", MODE="0660"

It sets the device permissions when they are created (at boot) and the above example sets the group to be www-data and read/write permissions. Reboot after creating the file to make it live.

Works for me (as a simple user - im not testing php), but unsure if it will on the 4.9 kernel (it may need access to extra devices)

brk · Post by **brk** » Wed Mar 02, 2022 8:50 pm

There is already a 99-odroid-wiringpi-aml.rules file

Code: Select all

# /dev/gpiomem
SUBSYSTEM=="aml-gpiomem", GROUP="odroid", MODE="0660"

I created a new file: 99-gpio.rules

Code: Select all

SUBSYSTEM=="gpio", KERNEL=="gpiochip*", GROUP="www-data", MODE="0660"

After rebooting still cannot access gpio pins.

But then I removed 99-gpio.rules file and changed 99-odroid-wiringpi-aml.rules as:

Code: Select all

# /dev/gpiomem
SUBSYSTEM=="aml-gpiomem", GROUP="www-data", MODE="0660"

And after rebooting I can access gpio pins using php.

On the other hand, witout editing 99-odroid-wiringpi-aml.rules file, I just set suid of gpio program as mad_ady suggested and gpio pins became accessable through PHP.

So, my final setup is with the original 99-odroid-wiringpi-aml.rules file, original sudoers file (without adding www-data ALL=NOPASSWD:ALL) and suid gpio, and I can access gpio pins without sudo over PHP.

Code: Select all

odroid@soliterm:/etc/udev/rules.d$ ls -al
total 16
drwxr-xr-x 2 root root 4096 Mar  2 14:41 .
drwxr-xr-x 4 root root 4096 Feb  1 20:41 ..
-rwxr-xr-x 1 root root  667 Jul 30  2019 10-odroid.rules
-rw-r--r-- 1 root root   69 Mar  2 14:41 99-odroid-wiringpi-aml.rules
odroid@soliterm:/etc/udev/rules.d$ more 99-odroid-wiringpi-aml.rules
# /dev/gpiomem
SUBSYSTEM=="aml-gpiomem", GROUP="odroid", MODE="0660"
odroid@soliterm:/etc/udev/rules.d$ ls -al /usr/bin/gpio
-rwsr-xr-x 1 root root 59352 Mar 15  2021 /usr/bin/gpio
odroid@soliterm:/etc/udev/rules.d$

Thank you all for your precious help.
Best regards.

ODROID

C4 Ubuntu 20.04 PHP gpio

C4 Ubuntu 20.04 PHP gpio

Re: C4 Ubuntu 20.04 PHP gpio

Re: C4 Ubuntu 20.04 PHP gpio

Re: C4 Ubuntu 20.04 PHP gpio

Re: C4 Ubuntu 20.04 PHP gpio

Re: C4 Ubuntu 20.04 PHP gpio

Re: C4 Ubuntu 20.04 PHP gpio

Re: C4 Ubuntu 20.04 PHP gpio

Re: C4 Ubuntu 20.04 PHP gpio

Re: C4 Ubuntu 20.04 PHP gpio

Re: C4 Ubuntu 20.04 PHP gpio

Re: C4 Ubuntu 20.04 PHP gpio

Re: C4 Ubuntu 20.04 PHP gpio

Who is online